FortiGuard Labs Threat Research Report

Affected platforms: Microsoft Windows
Impacted parties: Windows Users
Impact: Collects sensitive information from victims' computers
Severity level: Critical

The FortiGuard Labs team was recently monitoring a new phishing campaign that uses the classic strategy of attaching a malicious Microsoft Word document to an unsolicited email that recipients are asked to open. However, after performing some deep research on this phishing campaign, I realized that the Word document was delivering a previously unseen piece of malware designed to steal crypto wallet information and credentials from victims' infected devices. This malware doesn't seem to belong to any known malware family, so we named it 'dmechant', after a constant string embedded in the compiled malware sample.

In this analysis I reveal my findings on this new malware, including how it is launched by the Word document, how the executable deploys itself on the victim's device, what kind of sensitive information it searches for, and how the stolen data is sent to the attacker over the SMTP protocol.

The Email Captured by FortiGuard Labs and the Word Document

The spam email looks like an urgent order reminder from a purchase manager. It asks the recipient to review the materials in the attached Word document and then reply to the email as soon as possible.

Disclaimer

Fortinet Inc. published this content on 19 July 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 19 July 2021 19:57:07 UTC.